66 matches found

RedHat Linux
added 2026/05/14 6:54 a.m., 9 views

Important: Red Hat Security Advisory: zero trust workload identity manager for Red Hat OpenShift 1.0.1

zero trust workload identity manager for Red Hat OpenShift 1.0.1. The Zero Trust Workload Identity Manager (ZTWIM) is a day-2 operator. The operator manages the lifecycle of operand components from the SPIRE project. The goal of ZTWIM is to provide secure, verifiable workload identities for workloads in...

8.9 CVSS, 6.8 AI score, 0.00032 EPSS
Exploits: 0, References: 3

RedHat Linux
added 2026/05/14 6:53 a.m., 5 views

Important: Red Hat Security Advisory: zero trust workload identity manager for Red Hat OpenShift 1.0.1

zero trust workload identity manager for Red Hat OpenShift 1.0.1. The Zero Trust Workload Identity Manager (ZTWIM) is a day-2 operator. The operator manages the lifecycle of operand components from the SPIRE project. The goal of ZTWIM is to provide secure, verifiable workload identities for workloads in...

8.9 CVSS, 6.8 AI score, 0.00032 EPSS
Exploits: 0, References: 3

RedHat Linux
added 2026/05/14 6:50 a.m., 6 views

Important: Red Hat Security Advisory: zero trust workload identity manager for Red Hat OpenShift 1.0.1

zero trust workload identity manager for Red Hat OpenShift 1.0.1. The Zero Trust Workload Identity Manager (ZTWIM) is a day-2 operator. The operator manages the lifecycle of operand components from the SPIRE project. The goal of ZTWIM is to provide secure, verifiable workload identities for workloads in...

8.9 CVSS, 6.9 AI score, 0.00045 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2026/05/14 6:44 a.m., 8 views

Important: Red Hat Security Advisory: zero trust workload identity manager for Red Hat OpenShift 1.0.1

zero trust workload identity manager for Red Hat OpenShift 1.0.1. The Zero Trust Workload Identity Manager (ZTWIM) is a day-2 operator. The operator manages the lifecycle of operand components from the SPIRE project. The goal of ZTWIM is to provide secure, verifiable workload identities for workloads in...

8.9 CVSS, 6.8 AI score, 0.00032 EPSS
Exploits: 0, References: 3

RedHat Linux
added 2026/05/14 6:38 a.m., 7 views

Important: Red Hat Security Advisory: zero trust workload identity manager for Red Hat OpenShift 1.0.1

zero trust workload identity manager for Red Hat OpenShift 1.0.1. The Zero Trust Workload Identity Manager (ZTWIM) is a day-2 operator. The operator manages the lifecycle of operand components from the SPIRE project. The goal of ZTWIM is to provide secure, verifiable workload identities for workloads in...

8.9 CVSS, 6.8 AI score, 0.00032 EPSS
Exploits: 0, References: 3

OSV
added 2026/05/05 7:33 p.m., 0 views

GHSA-WG65-39GG-5WFJ Prometheus Azure AD remote write OAuth client secret exposed via config API

Impact: Users who use Azure AD remote write with OAuth authentication are impacted. The clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving the configuration via the...

7.5 CVSS, 5.8 AI score, 0.0001 EPSS
Exploits: 0, References: 7

Wolfi
added 2026/04/11 2:51 a.m., 6 views

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: grafana-pyroscope, ipfs-cluster, migrate, snyk-cli, kaf, secrets-store-csi-driver-provider-azure, prometheus-blackbox-exporter, q, k3s, whereabouts, azurefile-csi, incert, smokescreen, nri-f5, spark-operator, hey, mongodb-kubernetes-operator, envconsul,...

7.5 CVSS, 7.1 AI score, 0.00022 EPSS
Exploits: 0

Tenable Nessus
added 2026/02/12 12:00 a.m., 4 views

openSUSE 16 Security Update : tailscale (openSUSE-SU-2026:20192-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20192-1 advisory. Changes in tailscale: Update to version 1.94.0: IS SET and NOT SET have been added as device posture operators; India DERP Region City Name...

7.5 CVSS, 8.4 AI score, 0.00607 EPSS
Exploits: 0, References: 5

OSV
added 2026/02/10 9:45 p.m., 2 views

OPENSUSE-SU-2026:20192-1 Security update for tailscale

This update for tailscale fixes the following issues: Changes in tailscale: Update to version 1.94.0: IS SET and NOT SET have been added as device posture operators; India DERP Region City Name updated; Custom DERP servers support GCP Certificate Manager; Tailscale SSH authentication, when...

7.5 CVSS, 6.8 AI score, 0.00607 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2026/02/07 12:00 a.m., 4 views

openSUSE 16 Security Update : golang-github-prometheus-prometheus (openSUSE-SU-2026:20177-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20177-1 advisory. Update to version 3.5.0: Security issues fixed: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of...

8.6 CVSS, 6.7 AI score, 0.00071 EPSS
Exploits: 1, References: 6

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-7271

Malicious code in bioql PyPI...

5 CVSS, 4.9 AI score, 0.0024 EPSS
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:07 p.m., 0 views

EUVD-2023-1100

Malicious code in bioql PyPI...

8.8 CVSS, 8.6 AI score, 0.00122 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2025/09/10 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-1299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...

8.8 CVSS, 7.8 AI score, 0.00122 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/09/10 12:00 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2025-1296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nomad Community and Nomad Enterprise ("Nomad") are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This...

6.5 CVSS, 5.5 AI score, 0.00187 EPSS
Exploits: 0, References: 2

HackRead
added 2025/06/03 1:31 p.m., 7 views

Aembit Extends Workload IAM to Microsoft Ecosystem, Securing Hybrid Access for Non-Human Identities

Silver Spring, Maryland, 3rd June 2025, CyberNewsWire...

7.3 AI score
Exploits: 0

RedhatCVE
added 2025/05/23 2:58 a.m., 1 view

CVE-2023-1299

HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...

8.8 CVSS, 7.1 AI score, 0.00122 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 11:20 p.m., 4 views

CVE-2022-3866

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...

5 CVSS, 6.8 AI score, 0.0024 EPSS
Exploits: 0, References: 1

Packet Storm News
added 2025/04/24 12:00 a.m., 2 views

Identity Control Plane: the Unifying Layer for Zero Trust Infrastructure

This paper introduces the Identity Control Plane (ICP), an architectural framework for enforcing identity-aware Zero Trust access across human users, workloads, and automation systems. The ICP model unifies SPIFFE-based workload identity, OIDC/SAML user identity, and scoped automation credentials v...

6.9 AI score
Exploits: 0

Packet Storm News
added 2025/04/20 12:00 a.m., 2 views

Establishing Workload Identity for Zero Trust CI/CD: from Secrets to SPIFFE-Based Authentication

CI/CD systems have become privileged automation agents in modern infrastructure, but their identity is still based on secrets or temporary credentials passed between systems. In enterprise environments, these platforms are centralized and shared across teams, often with broad cloud permissions an...

7.1 AI score
Exploits: 0

Packet Storm News
added 2025/04/20 12:00 a.m., 2 views

Intent-Aware Authorization for Zero Trust CI/CD

This paper introduces intent-aware authorization for Zero Trust CI/CD systems. Identity establishes who is making the request, but additional signals are required to decide whether access should be granted. We describe a control loop architecture where policy engines such as OPA and Cedar evaluat...

6.9 AI score
Exploits: 0